Is it safe to give an app my credit card information?
Key takeaways
- Apps and digital wallets that accept payments are generally considered safe because they must follow PCI SSC global standards, which account for the safety and security of user data.
- Apps that ask you to link multiple accounts to them, like budgeting apps, must also follow security standards and have in-app protections. But some apps will be more secure than others, so it’s important to research the budgeting app you want to use before downloading it.
- Regardless, none of these apps are foolproof, so there’s always a risk in using them, even if that risk is minimal. Keeping an eye out for security pitfalls can help minimize your risk.
From rideshare and food delivery to digital wallets and shopping, it seems like you can do just about everything through an app on your phone. These apps ask for your card information when you sign up for their services, but is it actually safe to give it to them?
In most cases, yes — it is generally safe to share your credit card data with apps. But even apps considered safe aren’t foolproof, which is why it’s important to understand just what makes an app secure so that you can decide whether you’re comfortable giving it your credit card information.
What standards do apps have to follow to be considered safe?
There are typically three points at which your data could be compromised when using an app. The first is when you enter the data, the second is when it’s stored on the app on your device and the third is when the data is transmitted out of the device.
The payments industry, which includes the companies that process all of your transactions, has a division called the Payment Card Industry Security Standards Council (PCI SSC). This council comes up with global standards to safeguard payments across a variety of platforms. The global standards are constantly updated as the environment evolves.
When it comes to apps, the PCI SSC, commonly just called the PCI, requires app developers to provide security in all three of the stages we mentioned in compliance with its evolving standards.
Some examples of these standards include:
- Implementing proper authorizations: Data stored on a mobile device should not be readable by unauthorized persons, according to the standards.
- Encrypting data: The standards say that data transmitted outside of a mobile device should be encrypted.
The use of a private key is also an important security factor. With a private key, sensitive information is only available to the sending and receiving parties. If your mobile device has already been compromised in some way, this can also prevent unauthorized parties from “eavesdropping,” or intercepting data being transmitted to another device or party.
What in-app protections will keep your info safe?
The PCI also calls for protections within the app itself, rather than just within a network. In-app protections, like firewalls, help protect information and can end your sessions or shut down an app if they sense an attack. Some protections can even identify and report any unusual activity.
Payment apps are also supposed to have mechanisms that enable the apps to be disabled by the providers responsible for the services. This way, if an app is compromised, it can be shut down. The PCI security standards also specify that apps distributed through online app stores have certain controls in place to ensure the integrity of the software and authenticate the sources of the apps.
Are digital wallets and budgeting apps safe?
Digital wallets like Google Pay and Apple Pay are generally considered safe because they follow the global security standards set by the PCI. In fact, they’re often considered safer to use than physical cards. Plus, many of today’s top rewards credit cards can be linked to your digital wallet, so you don’t have to miss out on cash back or points by prioritizing your financial safety with a digital wallet.
Unlike a physical credit card, which can be stolen from your wallet and swiped without your permission, a payment method stored in a digital wallet can’t be stolen as easily. That’s because the payment data is heavily encrypted, so even if a thief stole your phone, they’d have a hard time finding out what your actual credit card numbers are — especially if your phone or wallet was password-protected.
Budgeting apps are also generally considered safe, especially those run by your card issuer or integrated into your mobile banking app. But what about third-party budgeting apps?
Many of the top budgeting apps allow you to integrate your accounts into the app so that it can track your purchases and help you create useful budgets. If a budgeting app allows for this, you’ll want to look up what it uses to pull your information and research the app itself. The app should be clear and upfront about how it keeps your data safe.
Don’t forget to also read the fine print associated with this process. Some budgeting apps, especially free ones, might share some aspects of your data with marketers.
Bankrate’s take: When it comes to linking your accounts to a budgeting app, you should trust your instincts. If an app doesn’t look or feel secure, you shouldn’t give it your information. There are plenty of other ways to budget without an app that might be more comfortable to you.
4 security pitfalls to watch out for when using apps
Even though an app may be safe in itself, certain security issues could compromise its safety. Those issues include:
- Using a public network: If you’re connected to a public Wi-Fi network, for example, the information you provide could be intercepted. If you’re inputting payment information or other sensitive information, criminals using that network could steal it.
- Using public charging stations: It’s possible for hackers to load malware onto charging stations at public places like airports, which means you may be compromising your data by using such amenities. That’s why you’d be better off sticking to your own wireless charger.
- Downloading illegitimate apps: Just like how people set up scam websites to trick users online, people can set up scam apps that steal credit card information, as well. Before downloading a new app, make sure it’s not malicious and carrying malware. Do your research and verify that the platform or website you’re downloading it from is legitimate. Also, be vigilant and constantly update your software so you have the most current security measures available to protect your data.
- Providing more permissions than necessary: Another pitfall is giving apps permissions they don’t need. Read through the fine print and make sure you are only allowing access to information you’re comfortable sharing. For instance, if an app asks for access to your contacts, you don’t have to provide it.
The bottom line
Popular credit card-based apps such as Uber, Lyft, Google Pay and DoorDash will ask for your credit card information for convenience of use. Considering there are standards that the PCI has developed for app security, it’s generally safe to give your information to apps.
However, no app security system is 100 percent foolproof, so you should always watch out for security pitfalls and be careful that you don’t put your data at risk unnecessarily.